How Not to Unwittingly Reveal Company Secrets

Social-media technologies offer plenty of ways for your company to gain valuable insights about your customers and industry — see our previous blog post. But they can also give competitors an up-close-and-personal view into your employees’ ideas and your company’s product plans, as well as its relationships with customers or clients.

Through unwitting leaks of critical information by employees, platforms like Facebook and Twitter can expose some of your company’s secrets. Leaks are nothing new; companies have been eavesdropping on each other forever. But social technologies open new channels that permit snooping on an unprecedented scale. That’s why corporate social-media strategy should include not only engaging customers, gathering intelligence, and reinforcing brands, but also shielding the company from prying eyes.

Here’s a quick quiz: Have you ever tweeted your business-travel plans? Does your LinkedIn profile describe what you do in great detail? Is localization enabled on your mobile device when you use social media?

If you answered yes to any of those, you and your company may have left footprints that your competitors can detect and analyze.

For example: An analyst wanted to generate data on how a major consumer-electronics company’s leading product was doing. In a matter of minutes, readily available software tools mined half a million social-media comments for information about the company, revealing that 75% of 21-to-35-year-olds and 60% of 36-to-50-year-olds had made neutral or negative comments about it while people 20 and younger (a group largely underestimated by the company) showed 100% positive sentiment about it. The analyst inferred that the company was losing its business customers fast and that a competitor could gain by targeting younger users.

Employees and senior executives alike are sometimes too casual about disseminating the information they possess, or they don’t understand what’s confidential and what isn’t. A few tweets or Facebook comments about a work project can give a competitor valuable insight into a company’s product plans, and travel information might suggest that marketers or salespeople are aiming at new clients or regions.

As an exercise, we analyzed the LinkedIn profile of a senior executive from an aerospace company, responsible for sales in Latin America and the Caribbean. We noticed that he had added new links to salespeople in a new region in a short period of time. The contacts were highly suggestive of the company’s plans.

And it’s not just Facebook, Twitter, and LinkedIn. Sites such as Glassdoor that allow job candidates to talk frankly about companies and share firms’ salary structures, and Gethuman, which provides average customer wait times for service reps, can be pretty revealing too.

Nor do the tools have to be the high-end, James Bond type: Simple tools can help aggregate and analyze information. Wordle, for example, can show a word cloud that reveals patterns. In one cloud we created from social-media comments about a new CEO in the European insurance industry, the words “restructuring” and “operations” stood out, suggesting what he’s planning to do. The prominence of the words “salary” and “bonus” suggested sources of pressure.

There’s a vague but growing awareness of these vulnerabilities in the corporate world: One recent survey shows that companies are beginning to recognize the risks posed by social media to their confidential information, with 37% of employers saying that Facebook poses the greatest risk and 27% citing LinkedIn. Another study shows that only 50% of senior financial executives from both public and private companies are confident that sensitive or confidential information is adequately protected on social-media platforms.

But most companies are still unaware of the risks and the tools that can help mitigate the danger. Here are a few measures that every company should consider to reduce its exposure.

Assess. Determine what’s important for your company to protect. Perform an internal assessment to look for the core information that you care about most, and tailor policies and actions around the findings.

Educate. Make sure everyone in the company understands what information might be sensitive. An individual’s list of LinkedIn connections or Twitter followers reveals his or her networks. Facebook likes and favorite articles in Google Plus leave footprints showing areas a person has studied and new strategic initiatives he or she may be involved in.

Guide. Establish clear and simple social-media usage policies. There’s a database of such policies here to help you get started.

Keep it inside. Implement and promote internal social networks that are walled off from the outside world. These platforms allow employees to talk shop in a social environment without risking information leakage. Use incentives to encourage adoption, and make sure senior employees lead by example.

Monitor. Set up continuous monitoring of employees’ postings on social media about such matters as business travel, job assignments, and reorganizations. Dell, for example, has established a social-media listening center to track conversations and provide intelligence to executives. Put yourself in your competitors’ shoes and war-game a determined effort to find information about your company.

Limit. There’s little reason why your company’s information should be accessible by analytical tools such as those that allow users to download critical data or analyze an individual’s full social-media postings. Most tools allow webmasters to prevent spiders from crawling and indexing their sites.

Disable geolocation. Make sure employees turn off social-media geolocation features. Many companies have found that it’s ineffective to simply forbid the practice. It’s better to educate employees and show them the footprints they’ve already left. Take a look at what an app created by O’Reilly researchers Alasdair Allan and Pete Warden did with the geolocation information harvested from the consolidated.db file of the iPhone of a person living in New England.

Social media, by its very nature, is a tricky space to navigate. Both the opportunities and the risks are often hard to perceive. The key to seeing and minimizing the risks is to continuously test tools so that you can see where competitors might be able to find your secrets. At the same time, invest effort and senior management time in setting a good example.

Now it’s your turn to act: Become a role model and help bring attention to the risks of social intelligence to your company. You can start by tweeting this article.

Martin Harrysson (@martinharryson) is a consultant in McKinsey & Company’s Silicon Valley office, Estelle Metayer (@competia) is the president of Competia and an adjunct professor at McGill University, and Hugo Sarrazin (@hugosarrazin) is a partner in McKinsey & Company’s Silicon Valley office.